Comment 2 for bug 1726372

Stéphane Graber (stgraber) wrote :

Without looking at the code again (traveling), I believe the best way to fix this is to use even more magic kernel features :)

1) Change the container detection code.
   Rather than compare the two pids we should instead be looking for the inode of /proc/<ns0 pid>/ns/pid and compare it to /proc/self/ns/pid. If it doesn't match, we're in a different pidns, regardless of what the pid is.

   This check should be more reliable in general and wouldn't need to have us use the "new" core_pattern field.

2) Use a ucred to send the pid to the apport process in the container.

   A ucred is a special kernel structure which can be sent over a unix socket and which may contain a pid, uid and gid. This is sent through the out of bound communication mechanism of Linux's unix socket implementation.

   ucreds are great for this because any of their fields will be translated by the kernel when you read it. So if you set the pid to the host pid, it will be translated to whatever the value is in your pidns. It's also tamper proof. You can only set the pid, uid and gid to valid values which you own or have privileges over.

The main issue is going to be figuring out how to send and read ucreds in Python.
I've done it many many times in C and Go, but I don't know if Python's socket API exposes that kind of low-level functionality.
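
Added example, not part of the comment above and not apport's code: both suggestions sketched with Python 3's standard `socket` module on Linux, which provides `sendmsg`/`recvmsg`, `SO_PASSCRED` and `SCM_CREDENTIALS`. The function names, the `b"crash"` payload and the use of a `socketpair` in place of the real host-to-container socket are assumptions for illustration.

```python
import os
import socket
import struct

UCRED = struct.Struct("3i")  # struct ucred { pid_t pid; uid_t uid; gid_t gid; }


def same_pidns(pid):
    """Suggestion 1: compare pidns inodes instead of comparing pid numbers."""
    ours = os.stat("/proc/self/ns/pid")
    theirs = os.stat("/proc/%d/ns/pid" % pid)
    return (ours.st_dev, ours.st_ino) == (theirs.st_dev, theirs.st_ino)


def send_ucred(sock, pid, uid, gid, payload=b"crash"):
    """Suggestion 2: attach pid/uid/gid as an SCM_CREDENTIALS control message."""
    anc = [(socket.SOL_SOCKET, socket.SCM_CREDENTIALS, UCRED.pack(pid, uid, gid))]
    return sock.sendmsg([payload], anc)


def recv_ucred(sock, bufsize=4096):
    """Return (payload, (pid, uid, gid)) with ids as seen in the receiver's namespaces."""
    data, ancdata, flags, _ = sock.recvmsg(bufsize, socket.CMSG_SPACE(UCRED.size))
    if flags & socket.MSG_CTRUNC:
        raise OSError("control message truncated")
    for level, ctype, cdata in ancdata:
        if level == socket.SOL_SOCKET and ctype == socket.SCM_CREDENTIALS:
            return data, UCRED.unpack(cdata[:UCRED.size])
    raise OSError("no credentials attached")


def roundtrip():
    """Send our own credentials across a socketpair and read them back."""
    a, b = socket.socketpair(socket.AF_UNIX, socket.SOCK_DGRAM)
    with a, b:
        # The receiver must opt in before the message is sent.
        b.setsockopt(socket.SOL_SOCKET, socket.SO_PASSCRED, 1)
        send_ucred(a, os.getpid(), os.getuid(), os.getgid())
        return recv_ucred(b)


def forged_pid_rejected(pid=1):
    """True if the kernel refuses a pid that is not ours (needs CAP_SYS_ADMIN)."""
    a, b = socket.socketpair(socket.AF_UNIX, socket.SOCK_DGRAM)
    with a, b:
        try:
            send_ucred(a, pid, os.getuid(), os.getgid())
        except PermissionError:
            return True
        return False
```

When sender and receiver sit in different PID namespaces, the pid returned by `recv_ucred` is the receiver-side value, which is the translation the comment relies on; within a single namespace, as in `roundtrip`, the values come back unchanged.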